SECURITY FIRST
Security conscious users will want to browse through the security configuration guide before booting their new computer.- Mac OS X Security Configuration Guides
- See also: Apple Product Security
- Keeping your Mac locked down: a Mac OS X security primer
Booting Mac OS X for the first time
-
Administrative Account
Upon booting Mac OS X for the first time, you are asked to create a user account. This user account will have administrative privileges!
- For obvious security reasons, I don't like having administrative privileges for standard user accounts.
- Also, the administrative account should not have an obvious name, such as admin or administrator (be creative, herein marcel is a standard account and bob is an administrative account, these are fictitious names).
-
IP Address
Register your computer onto the site network by visiting the following Web page: https://netreg.eecs.uottawa.ca. -
Time Server
If the machine resides on campus, you may want to set the NTP time server to time.uottawa.ca, otherwise time.apple.com is a logical choice. -
Software Updates
Install the latest software updates: from the Apple menu, select "Software Update...", or on the command line, type the following: softwareupdate --download --all --install.
After an update, you may want to verify and repair the disk permissions. For this, you will use Disk Utility, which can be found in the sub-folder Utilities of the Applications folder.
-
Developer tools
Install the developer tools from the OS X Snow Leopard disc or download the latest version from Apple Web site (requires creating a free Web account). This will install the GNU toolchain (gcc, make, automake, autoconf, bison, m4, etc.) along with Xcode, the integrated development environment. If you are planning on developing iPhone, iPod touch and iPad applications, download the iPhone developer tools, which is a super-set of the Mac development tools. Once installed, you will find the developer tools in the directory Developer. See also: Programming Environment section below. -
User Account
Here are three ways to create user accounts depending on your needs.- The simplest method is to go to the System Preferences (from the Apple menu), select Accounts, click the lock, click the + sign, fill in the information. This panel also allows you to create new user groups.
- If you need more options, for instance if you want to create a user account with a specific uid and gid (I like creating user accounts that match that of SITE infrastructure). You can either use the command line tools (see next item below) or you can download the Server Admin Tools (10.6.4). It's free, and although the name says server, you can use many of the tools to edit the localhost configuration. Once installed, you will find the tools in the sub-directory Server or the Applications directory. Use Workgroup Manager to create new user accounts or groups. Enter localhost for address, and the user name and password of your administrative account.
- If you prefer using command line tools, here are
the instructions. First, creating the group csistaff.
dscl . -create /Groups/csistaff gid 120 dscl . -create /Groups/csistaff passwd '*'
Next, creating a user account, belonging to the group csistaff.dscl . -create /Users/marcel uid 142 dscl . -create /Users/marcel gid 120 dscl . -create /Users/marcel shell /bin/bash dscl . -create /Users/marcel home /Users/marcel dscl . -create /Users/marcel realname "Marcel Turcotte" dscl . -create /Users/marcel password '*' passwd marcel sudo ditto --rsrc /Systems/Library/User\ Template/English.lproj /Users/marcel sudo chown -R marcel:csi staff /Users/marcel
Configuring your VPN
VPN access is restricted to uOttawa employees (also, you need to have access to your InfoWeb account).- Cisco has a VPN client that can be downloaded from here. But, 1) this application is not well integrated into the OS X environment and 2) upgrades of the OS are likely to break it (until a newer version of the client is released).
- Alternatively, OS X supports Cisco IPSec VPN connections out of the box, contact me for the instructions.
Clean Installation
- Boot from the OS X Snow Leopard disc. There are at least two ways to do this. Insert the disc, restart your computer, immediately hold down the "c" button on your keyboard, releasing the key when the Apple logo and the spinning beach ball appear. Alternatively, goto the System Preferences (from the Apple menu), select Start-up Disk, from the System panel, select the OS X Snow Leopard disc.
- On the 'Select a Destination' screen, click 'Options' and select 'Erase and Install'. This is also the screen for selecting the format of the disk (case sensitive or not).
- I was hoping to setup an OS X Extended Journaled Case-Sensitive file system, however, some people have reported issues installing applications such as Adobe Creative Suite 2. Therefore, I have always used the default file system: OS X Extended Journaled.
Setting up firmware password
For workstations in public spaces or laptops, you may want to setup a firmware password. Start from the Snow Leopard Install DVD and choose Firmware Password Utility. Click the box requiring a password for booting the computer from another source than its hard disk and enter the password information.
Securing sensitive data
Macports and Fink
Macports and Fink are two projects that aim to bring Unix Open Source software to Mac OS. I tried both environments, and I am now using Macports (which seems to have some support from Apple). Some of the applications that I like to have are: recode (recoding files from one character set to another), wget and aspell (spell checker).Administrative Commands
Since your user account has no admnistrative privileges (meaning that it is not listed in /etc/sudoers), you cannot use sudo for executing administrative commands. In a shell, you must first su to your administrative account (say bob), and then use sudo.- su - bob
- sudo cmd...
Configuring your account for the first time
- Enable Web sharing: System Preferences -> Sharing
- Enable remote login (ssh): System Preferences -> Sharing
- Enable fast user switching: System Preferences -> Accounts
- Use PDF, instead of PNG, for the screen captures:
defaults write com.apple.screencapture type pdf killall SystemUIServer
- Adding a message onto the login screen:
sudo - bob sudo defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "..."
where ... is "School of Information Technology and Engineering, Faculty of Engineering, University of Ottawa, Ottawa (Ontario) Canada". - Changing the login screen background:
sudo - bob sudo defaults write /Library/Preferences/com.apple.loginwindow DesktopPicture "/Library/Desktop Pictures/Black & White/Lightning.jpg"
- If you would like to use the command locate on the
command line for finding file names quickly then you need to build
the necessary database:
su - bob sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.locate.plist
- If you are creating user accounts for running certain
applications, you may want not want them to be listed on
the login window.
su - bob sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add shortname1 shortname2 shortname3
A new entry will appear in the login window labeled "Other", this allows entering credentials for accounts that are not listed. If you want to prevent that:su - bob sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
Also from the System Preferences
You may want to enable tap to click, as well as 2, 3, 4 fingers gestures, for laptops.
Enable Exposé and Spaces.
Programming Environment
Program Editors
Integrated Development Environment (IDE)
Programming Languages
Building Applications Using Xcode
In Xcode, in order to build applications, your account must be a member of the Developer Tools group, otherwise you will be prompted to enter the name and password of the administrative account, as shown above (Type the name and password of a user in the "Developer Tools" group to allow Developer Tools Access to make changes).
In order to add your account to that group, type the following two commands in a shell.
su - bob sudo dscl . append /Groups/_developer GroupMembership marcel
Alternatively, you can use the Server Admin Tools if you have it installed (see User accounts section above).
Safari Develop/Debug menu
Here is the command line to enable the developer's menu in Safari.defaults write com.apple.safari IncludeDebugMenu 1
Scientific and non-scientific writing
- LaTeX, BEAMER, TeXShop, BibDesk...
- iWork: Pages, Numbers, Keynote
- You can obtain a copy of Microsoft Office 2008 for Mac at Cosmos, the computer store located in the University Bookstore in the University Centre.
- Papers
- Skim (PDF reader, annotator, fantastic for reading theses and publications)
- Antidote
Essentials
Useful
- me.com
- Unison File Synchronizer
- 1Password
- OmniGraffle
- Growl
- TinyAlarm
- Windows Media Components for QuickTime, by Flip4Mac
OS X, iPhone, iPod touch and iPad integration
- 1Password: Mac, iPhone & iPod touch, iPad
- Things: Mac, iPhone & iPod touch, iPad
- Evernote: Mac, iPhone & iPod touch iPad
- Papers: Mac, iPhone & iPod touch, iPad
- NetNewsWire: Mac, iPhone & iPod touch, iPad
- iTalk (iPhone & iPod touch), iTalk Sync (Mac)
- MobileMe, Mac, iPhone &s; iPod touch, iPad
- Dropbox, iPhone & and iPod touch, iPad
- Air Sharing, Air Sharing HD
- Pastebot, Pastebot Sync
- Instapaper
Running Windows and Linux on your Mac
Books
In 2005, I made the switch from Solaris and Linux to OS X. I found Mac OS X for Unix Geeks truly useful. Although OS X is very intuitive, in order to really appreciate how the environment can contribute to your productivity, I recommend reading Mac OS X Snow Leopard: The Missing Manual.Stay away from these applications
- SOHO Notes (Mac),
NoteLife
(iPhone & iPod touch)
At least in my set up, which involves 3 macs synchronizing with MobileMe, as well as an iPod touch and iPad synchronizing over the air, the application keeps duplicating my notes!